🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2021-31797

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.

via "National Vulnerability Database".
CVE-2021-34746

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

via "National Vulnerability Database".
CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.

via "National Vulnerability Database".
CVE-2021-31796

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.

via "National Vulnerability Database".
CVE-2021-34765

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.

via "National Vulnerability Database".
CVE-2021-34732

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

via "National Vulnerability Database".
Digital State IDs Start Rollouts Despite Privacy Concerns

Eight states are introducing driver's licenses and identification cards that can be used on Apple iPhones and Watches, but critics warn about the dangers of eliminating the paper-based system entirely.

via "Threat Post".
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted

Users should be careful whose pics they view and should, of course, update their apps.

via "Threat Post".
7 Ways to Defend Mobile Apps, APIs from Cyberattacks

David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.

via "Threat Post".
CVE-2021-3757

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

via "National Vulnerability Database".
CVE-2021-3758

bookstack is vulnerable to Server-Side Request Forgery (SSRF).

via "National Vulnerability Database".
🦿 FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends 🦿

The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.

via "Tech Republic".
Cisco Patches Critical Authentication Bug With Public Exploit

There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet.

via "Threat Post".
🦿 Execs don't sound very confident about long-term network security in the WFH era 🦿

After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay, at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.

via "Tech Republic".
Google Play Sign-Ins Allow Covert Location-Tracking

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.

via "Threat Post".
CVE-2021-33928

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

via "National Vulnerability Database".
CVE-2021-33938

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

via "National Vulnerability Database".
CVE-2021-33929

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

via "National Vulnerability Database".
CVE-2021-33930

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

via "National Vulnerability Database".
Pwned! The home security system that can be hacked with your email address

The alarm system that can be turned off with your email address.

via "Naked Security".
Skimming the CREAM – recursive withdrawals loot $13M in cryptocash

Recursion [noun]: see recursion.

via "Naked Security".